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IMPROVED DATA PROTECTION FOR POSITION DEPENDENT SERVICES 

CROSS REFERENCE TO RELATED APPLICATIONS 
[0001] This application is the US National Stage of International 
Application No. PCT/DE02/00027 filed January 8, 2002 and claims 
the benefit thereof. The application is incorporated by reference 
herein in its entirety. 

FIELD OF INVENTION 
[0002] The invention relates to methods and devices for 
interrogating the agreement of the mobile terminal user to the 
transfer of their position data to a requesting party. 

BACKGROUND OF INVENTION 
[0003] Privacy functions of the protection of the private sphere or 
other mobile terminal user by checking functions relating to the 
forwarding of the position of the mobile radio terminal 

[0004] The use of position data of aim a bale at Terminal user of a 
cellular mobile radio network for location dependants services 
such as for example information about the nearest gas station 
etc. (Location Services = LCS) is known from 3GPP-TS 23.271. 
However under some circumstances the user would like avoid any 
third party being able to interrogate their current position from 
the mobile radio network. Therefore the mobile terminal user 
needs a function which defines for any potential party requesting 
their position from the mobile radio network, whether the 
notification of this position data of the mobile terminal user to 
this interrogating party is generally allowed, is basically 
forbidden or can be allowed after verification with the mobile 
terminal user. This function is referred to as LCS User Privacy 
(also LCS user private sphere function) . 

[0005] In accordance with 3GPP Release 4 Standards TS 23.271 and TS 
29.002 the LCS-User Privacy is stored for each subscriber in a 
Home Location Register (HLR) in a number of privacy classes and 
is downloaded by the HLR to the MSC or SGSN visited by the user, 
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in which case an LCS user privacy function checks whether in the 
case of an interrogation about the position of the mobile radio 
terminal (Mobile Terminating Location Request MTLR) position data 
is to be transferred to the interrogating party from a GMLC. LCS 
privacy classes are provided for value added services, these 
being the call session-related class and the call session- 
unrelated class. In accordance with 3GPP Release 4 the user can 
specify for each of these two classes up to 240 LCS client IDs 
and for each client ID (identities potential parties requesting 
the position of the user) can define comprehensive specifications 
as to how the MSC/SGSN visited by the user is to perform the LCS 
user privacy check. For example it is possible to define that the 
user receives only one LCS notification (that is a notification 
that someone is requesting their position) or that the user 
receives an LCS verification (that is a verification to him 
before transfer of his position to the requesting party) and 
other options. If the LCS client ID is not stored in a list 
specified by the user, default behavior is executed in accordance 
with the user's specifications. 

[0006] The LCS user privacy defined by 3GPP (3GPP Standard TS 
23.271 and TS 29.002) needs relatively large amounts of memory 
space in the Home Location Register (HLR) of the mobile radio 
network and in the mobile switching center (MSC-SGSN.) and 
generates a high load during copying of conditions relating to 
the transfer of position data of the user to a requester from the 
HLR to the switching center currently being visited by the user 
(visited MSC/SGSN) . One of the reasons why the copying of the 
conditions is required is becausechecking of the conditions is 
undertaken in the switching center during a request for the 
position of a mobile radio terminal. 

[0007] The entire checking of the LCS user privacy settings relates 
here only to the LCS client ID of the requesting LCS client from 
whom the position request is sent via the GMLC to the switching 
center. 
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[0008] Further information about the type of the requesting service 
is not taken into consideration in 3GPP Release 4, and just as 
little attention is given to the identity of the requester 
(Requester ID) and conditions associated with it as well as 
further test conditions such as keywords etc. 

[0009] These additional conditions (additional attributes) relating 
to the transfer of position data of a user to a requester and the 
conditions in accordance with 3GPP Release 4, such as Client ID 
(LCS privacy data) are to be stored so that any number of 
additional attributes are possible without the memory space 
requirement in the HLR being further increased. 

[0010] A further restriction on the LCS privacy specified in 
accordance with 3GPP Release 4 is that in the case of national or 
international roaming (the mobile radio subscriber is not in his 
home network and is using a location dependent service in the 
visited a mobile radio network) the use of the LCS privacy 
function in the visited switching center MSC/SGSN in which the 
mobile radio subscriber is currently registered is only possible 
to a restricted extent because the local LCS Client IDs are 
possibly not known in the HLR and are not correspondingly entered 
by the mobile radio subscriber in his LCS privacy data. 

[0011] The approach currently evaluated, in accordance with Figure 
2 (Configuration 1) of storing the additional attributes in a 
separate LCS central privacy location, accessing this data of the 
LCS central privacy location from a GMLC and checking the LCS 
privacy data in the GMLC resolves the problem of restricted 
memory space in the HLR but presents the following problems to be 
resolved: 

[0012] The start or the execution of the Location Subscriber 
Privacy function (LSPF) is required by 3GPP to be at the 
switching center MSC/SGSN but is shifted by configuration 1 to 
the GMLC or into the LCS central privacy location. 
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[0013] The incorporation of the classification of the LCS position 
request or the separation of the LCS privacy into call/session- 
related and call/session-unrelated classes in the test process 
required in accordance with 3GPP is not possible or only possible 
with considerable effort with Configuration 1 in accordance with 
Figure 2. The notification of the current position determination 
or the demand for the permissibility of a position determination 
for the mobile subscriber involved, as required in 3GPP Release 
4, is not possible with the configuration in accordance with 
Figure 2 or is only possible with increased effort. 

[0014] Each GMLC of any mobile radio network which is connected 
directly or indirectly to the mobile radio network in which the 
mobile switching center currently visited by the mobile 
subscriber is located, can initiate a position request for this 
mobile subscriber. If the test condition is applied and the 
result is evaluated in the GMLC, this requires a high level of 
trustworthiness of this GMLC. 

[0015] A further use of the user interface of the mobile and 
terminal user based on Subscriber Controlled Input (SCI) to 
change his settings of the LCS privacy data in the HLR is not 
possible for changing his settings of the LCS privacy data in the 
LCS central privacy location or is only possible with increased 
effort . 

[0016] In the case of national or international roaming (the Mobile 
subscriber is not in his home network and is using a location- 
based service in the visited mobile radio network) it is only 
possible to use the test condition and to evaluate the result in 
the GMLC or in the LCS central privacy location by using the data 
which is stored in the LCS central privacy location in his home 
mobile radio network with increased effort. 



2002P00211WOUS Substitute Specification.rtf 



WO 03/058994 PCT/DE02/00027 

5 

[0017] If a number of GMLC and/or a number of LCS central privacy 
locations are used the assignment is unclear as to which GMLC is 
to access which LCS central privacy location. 

[0018] There are the following problems which already exist but are 
not resolved by a configuration in accordance with Figure 2 : 

[0019] Changes to the test conditions and the function for using 
the test conditions are associated with very high administrative 
effort for the network operator or are impossible if the LCS 
central privacy location and the network element in which the 
function for using the test conditions is executed are not 
collocated and/or cannot be synchronously administered. 

[0020] 3GPP Release 4 only specifies a LCS privacy on the basis of 
the LCS Client IDs. In the case of national or international 
roaming - the mobile subscriber is not in his home network and is 
using a location-based service in the visited mobile radio 
network) it is only possible to use the test condition and to 
evaluate the result in the MSC/SGSN in which the mobile 
subscriber is currently registered to a restricted extent, 
because the local LCS client IDs must have been known in the LCS 
central privacy location of the mobile subscriber or must have 
been correspondingly entered by the mobile subscriber in his LCS 
privacy data. 

SUMMARY OF INVENTION 
[0021] The object of the invention is to allow an efficient privacy 
request. The object is achieved by the claims. 

[0022] In accordance with the invention the function for using the 
test conditions can lie in an LCS central privacy location where 
the associated test conditions or the LCS privacy data in 
accordance with 3GPP Release 4 with additional attributes 
(including for example the IN services type, the initiator, time 
dependencies or others) are stored. The LCS central privacy 
location administers items such as subscriber data records of 
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mobile users of the home mobile radio network in which it is 
located. In the HLR the address of the LCS central privacy 
location responsible for the HLR and/or a mobile subscriber 
Identity are stored. 

[0023] When a mobile subscriber registers with a switching center 
the address of the LCS central privacy location stored in the HLR 
is preferably copied into the visited switching center. The 
position request can be classified into an LCS privacy class 
(Call-Session Related Class, Call-Session Unrelated Class...) in 
the switching center. The switching center usefully transfers to 
the LCS central privacy location the classification of the 
position request. Input Parameters for the Test conditions can be 
transferred from the position data requesting location (GMLC) to 
the switching center and these can be forwarded by the switching 
center - possibly together with further input parameters 
available in the switching center - to the LCS central privacy 
location. The use of the test conditions in the LCS central 
privacy location can be initiated by the switching center on the 
basis of a direct or an indirect position request. For initiation 
of the use of the test conditions the switching center usefully 
transfers the input parameters of the test conditions to the LCS 
central privacy location. 

[0024] The additional attributes held in the LCS central privacy 
location make it possible to use LCS as well in the case of 
national or international roaming without the local LCS client 
IDs being known in the HLR or being entered correspondingly by 
the mobile subscriber in his LCS privacy data. The LCS central 
privacy location can be subdivided into a number of individual 
network elements. The assignment of which LCS central privacy 
location is responsible for which mobile subscriber is made by ■ 
storing at the address of the LCS central privacy location in the 
HLR of the mobile radio subscriber or by a similar suitable 
method. The LCS central privacy location can be implemented at 
the SCP. A further use of the user interface of the mobile 
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terminal user based on Subscriber Controlled Input (SCI) to 
change his settings of the LCS privacy data in the LCS central 
privacy location is made possible through an interface between 
the switching center and the HLR and between the HLR and the LCS 
central privacy location. If the LCS central privacy location is 
implemented at the SCP, this interface is already present. 



[0025] Further features and advantages of the invention are 
produced by the subsequent description of an exemplary embodiment 
with the enclosed drawings. 

[0026] The drawings show: 

Fig. 1 an LCS privacy check in accordance with 3GPP R4, 
Fig. 2 a variation of the 3GPP R4 solution and' 

Fig. 3 a schematic diagram of a variation in accordance with the 
invention of this LCS privacy check. 



[0027] In Fig. 1 a request 1 is sent from an LCS application 11 to 
a position data request acceptance location (GMLC) 12 which 
forwards this request for position data in step 2 to a switching 
center (SGSN/MSC etc.) 14 currently being visited by a mobile 
subscriber (MS) 13. The switching center SGSN/MSC 14 has stored 
(e.g. at regular intervals) in a step 0 specifications downloaded 
from an HLR about mobile terminal users (LCS privacy data 18) 
which tell it whether to verify with the mobile subscriber 
terminal 13 before transferring the position of the mobile 
subscriber terminal to the requester 11. 

[0028] Before the privacy data 18 is checked the position data 
request 2 is classified 19 in the switching center (MSC/SGSN) 14. 
For Value Added Services various LCS privacy classes are 
provided, namely the call session-related class and the call 
session-unrelated class. The result of the classification 
determines which data of the privacy data 18 is taken into 



BRIEF DESCRIPTION OF THE DRAWINGS 



DETAILED DESCRIPTION OF INVENTION 
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account. If the privacy checking 20 prescribes a verification of 
this type, in step 3 the switching center 14 asks the mobile 
terminal 13 whether the user of the mobile terminal 13 would like 
to grant his permission to allow the requester 11 to determine 
the position of his mobile terminal. This mobile terminal can 
either give an answer 4 to this request from the switching center 
14 or under some circumstances cannot give an answer, if the 
mobile terminal is not in use for example, is switched off or is 
located in a radio coverage gap. If a transfer of the position of 
the mobile terminal to the requester 11 is basically allowed, is 
allowed with notification (step 3) or if an alternative to this 
is to allow it after agreement 4 has been obtained and agreement 
is available or if a alternatively it is specified that if no 
rejection of the agreement arrives the position is transferred, a 
transfer of the position of from the switching center 14 to the 
requester 11 can take place. The switching center 14 requests in 
step 5 from a RAN of a 3G network or a BSS of a 2G networks etc. 
the position of the mobile radio terminal 13 (for example as a 
result of the cell identity of the radio cell currently being 
used by the mobile terminal 13) and in step 6 obtains the current 
mobile radio terminal position in return. If the position is to 
be transferred to the requester 11, the switching center 14 
transfers the data representing the position to the position data 
acceptance location GMLC 12 in step 7 which forwards this data 
without further conditions in step 8 to the requester 11 (if 
necessary specifying at the age of the position data provided the 
age has been determined by the position data determining location 
RAN/BSS 15 or the switching center 14 ) . 

[0029] Figure 3 shows a configuration in accordance with the 
invention to improve the LCS privacy request: 

[0030] The upwards compatibility of a mobile radio network in 
accordance with 3GPP Release 4 Standard to a mobile radio network 
with a configuration in accordance with the invention is 
possible . 
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[0031] As also in the solution shown in Figure 1, a Home Location 
Register of the mobile radio network HLR 16 transfers on request 
or at regular intervals in a step 0 for a multiplicity of mobile 
subscribers to the switching center (e.g. currently being used by 
the mobile subscriber 13 ) SGSN/MSC 14 or (for regular 
transmission) to all switching centers a set of specifications 
(LCS data) 23=24 which in Figure 3 however specify how an LCS 
central privacy location 2 6 which is responsible for the privacy 
of the mobile terminal user 13 is to be contacted by stored 
verification specifications 24 (relating to a plurality of mobile 
terminal user identities, assigned to these by the identity of 
the mobile terminal 13 or of the mobile subscriber identity 
module of the mobile terminal 13) - for example the LCS data 24 
includes an address of the LCS central privacy location. The fact 
that the privacy data is no longer stored in the HLR but in the 
LCS central privacy location (database server 26) allows the 
network load between HLR 16 and switching center MSC/SGSN 14 and 
the memory requirement in the HLR to be significantly reduced. 

[0032] The variation of the execution sequence discussed for Figure 
1 in accordance with the invention can thus be as follows: 

[0033] In step 0 LCS data 24 which contains address information of 
the LCS central privacy location responsible for the mobile 
station 13 in each case is transferred (on request or at regular 
intervals) from the Home Location Register HLR 16 to the 
switching center SGSN/MSC 14 for each mobile station 13 
registered there. 

[0034] There is a transfer 1 of an LCS service request from an LCS 
customer (requester 11) to the position data requesting location 
GMLC 12 and transfer of the required and optional data relating 
to the request (Client ID, IMSI/MSISDN, QoS, requester, ...) 

[0035] Subsequently, as in the method above, the request 2 is 
classified in exchange 14. By contrast with the above method 
however the LCS privacy is not checked in the switching center. 
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After the classification the privacy request 2a is sent to the 
LCS central privacy location 26. The address of the LCS central 
privacy location 26 is taken from the LCS data 24. 

[0036] In step 2a the switching center 14 sends a request 2a, which 
contains test conditions, such as a class of the request 
(Call/Session Related, Call/Session Unrelated. . . ) and additional 
test parameters received in the request 2, for example LCS client 
ID, initiator and LCS client type, for checking the privacy 
functions of the mobile radio terminal user 13, to the LCS 
central privacy location 2 6 for which the address is specified by 
the LCS data 24, or to a predefined LCS central privacy location 
26. 

[0037] In step 2b the LCS central privacy location 2 6 executes the 
check on the LCS privacy 20. The LCS privacy 2 0 can be checked in 
accordance with 3GPP R4 on the basis of the classification 
received and the Client ID of LCS application 11 received or 
above and beyond this, can use additional attributes 21, such as 
for example take account of the received LCS client type and/or 
initiator, and/or possibly additional locally-available test 
parameters - for example the current time (26) . 

[0038] These steps are followed by steps 3 through 8 already 
specified for Figure 1 (verification 3,4 with mobile terminal 13, 
position determination 5,6, and if allowed for the mobile station 
13, position data transfer 7,8). 



[0039] As an alternative to the method specified above the LCS 
central privacy location 26 can be implemented at the SCP so that 
a user interface implemented by Subscriber Controlled Input (SCI) 
which can modify the LCS privacy data 18 in accordance with 3GPP 
R4 in the HLR, can also continue to be used unchanged for the LCS 
central privacy location 2 6 at the SCP or can be expanded. 

[0040] As a further alternative to the method specified above the 
LCS central privacy location at 26 can be subdivided into a 
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database which contains the LCS privacy data 18 and the 
additional attributes 21 and into an additional unit which 
executes the LCS privacy check 20. 

[0041] As a further alternative to the method specified above the 
LCS privacy data, as described for Figure 3 can be stored in the 
central privacy location 26, but to allow upwards compatibility 
with Home Location Registers HLR 16 which do not (yet support the 
inventive improvement of the LCS privacy, LCS privacy data 18 
stored in the privacy central location 2 6 can be transferred 
and/or synchronized on request or at intervals in a suitable 
form, possibly in accordance with 3GPP Release 4 and by means of 
a suitable procedures such as for example an interface between 
central privacy location 2 6 and Home Location Register 16, so 
that the Home Location Register HLR 16 can transfer the LCS 
privacy data in a step 0 as described in Figure 1, to a switching 
center 14. The upwards -compatible component of the LCS privacy 
check of the central privacy location at 2 6 is performed in 
accordance with the privacy classification 19 in the switching 
center 14 as described in Figure 1 and the result is transferred 
as an additional input parameter or to the central privacy 
location 26 in step 2a. 

[0042] As a further alternative to the method specified above the 
LCS privacy data 18 can remain in the Home Location Register 16, 
as described in Figure 1 and only the additional attributes are 
stored in the central privacy location 26. The address of the 
central privacy location 2 6 is to be stored in the HLR. The 
combination of the results of the LCS privacy data check in the 
switching center 14 and the check on the additional attributes in 
the central privacy location 2 6 can be undertaken in the 
switching center 14 or in the central privacy location 2 6 and can 
depend on whether the mobile terminal user is located in his home 
mobile radio network or is using another network within or 
outside the home country. 
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1.-17. (cancelled) 

18. (new) A method for requesting the agreement of a user of a 
mobile terminal of a mobile radio network to the transfer of their 
position data to a party requesting this position data, the method 
comprising: 

causing, by the switching center of the mobile radio 
network, in the case of the arrival of a request from a requester 
for the position of the mobile terminal in the switching center, 
a database server to make a check on the basis of data stored there 
relating to the mobile terminal verification rules as to whether an 
agreement on the mobile terminal side to forward the mobile terminal 
position to the requester must be obtained; 

sending the result of this check to the switching center; 

sending, by the switching center, if the result at least 
indicates that an agreement must be obtained, a request for an 
agreement to the mobile terminal; and 

transmitting, if the agreement is received by the switching 
center, the position of the mobile terminal to the requester. 

19. (new) The method according to Claim 18, wherein the request 
arrives at a position data acceptance location of the mobile radio 
network. 

20. (new) The method according to Claim 18, wherein the switching 
center is an MSC or SGSN. 

21. (new) The method according to Claim 18, further comprising: 

requesting, by the switching center, the position of the 
mobile terminal from a BSS or RAN of the mobile radio network. 

22. (new) The method according to Claim 18, wherein 

a verification rules specification can only comprise a 
prespecified set of different instructions, especially one of the 
following instructions: position data transfer without notification, 



2002P0021 1WOUS Substitute Specification.rtf 



WO 03/058994 PCT/DE02/00027 

13 

position data transfer with notification to the mobile terminal, 
position data transfer only after agreement of the mobile station or 
if no response is received from the mobile station, only transfer 
position data with the agreement of the mobile station. 

23. (new) The method according to Claim 18, further comprising: 

storing, for a multiplicity of mobile subscriber identity 
modules and/or mobile stations, verification rules specifications 
and identity specifications for the mobile terminal or for a mobile 
subscriber identity module contained in it. 

24. (new) The method according to Claim 18, further comprising: 

regularly receiving, by a switching center, especially a 
Visitor Location Register of a switching center from the Home 
Location Register of a mobile network the telecommunications address 
of the database server or receiving it when a mobile terminal 
registers at the switching center or its Visitor Location Register 
VLR . 

25. (new) The method according to Claim 18, wherein position data is 
only transferred to a requester if this is allowed for the period of 
the recording of the position according to stored conditions for the 
user of the mobile station or its mobile subscriber identity module 
through attributes stored in the database. 

26. (new) The method according to Claim 18, further comprising: 

changing the conditions by the user via their mobile 
terminal or another terminal by mobile radio, WAP, Internet, fixed 
network or in another way. 

27. (new) The method according to Claim 18, wherein the switching 
center is the mobile switching center currently being used by the 
mobile terminal . 

28. (new) The method according to Claim 18, wherein the database 
server is arranged in an SCP. 
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29. (new) The method according to Claim 18, wherein the database 
server is a database comprising the verification rules 
specifications and possibly additional attributes and comprising an 
additional unit which makes the check. 

30. (new) The method according to Claim 18, further comprising: 

storing the entries in the database server but, to make 
upwards compatibility with a Home Location Register, which does not 
support the improvement of the LCS Privacy in accordance with the 
invention, transmitting entries to a mobile network Home Location 
Register on request or at regular intervals, so that the mobile 
network Home Location Register can transmit the entries to a 
switching center . 

31. (new) The method according to claim 30, further comprising 

performing a proportion of the checks in accordance with 
a classification in the switching center; and 

transmitting the result as an additional input parameter 
to the database server. 

32. (new) The method according to claim 31, further comprising 

storing the entries in a Home Location Register; 
storing only additional attributes in the database 

server; and 

storing the address of the database server in the Home 
Location Register. 

33. (new) A switching device, comprising 

an input mechanism for requests from a requester for 
position data of a mobile station; 

an output mechanism for transfer of position data to the 
requester; and 

a memory for an address of a database with an interface 
to a Home Location Register for downloading the address of the • 
database into the memory of the switching device, wherein 
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the switching device is embodied such that on request for 
the position of a mobile terminal, the switching device in 
accordance with the verification rules specifications transferred to 
it from the database asks the mobile station for agreement to 
transfer its position data. 
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The invention relates to a privacy function check which is efficient 
in terms of network load, and is carried out by means of a method 
for requesting the agreement of a user of a mobile radio terminal of 
a mobile radio network, relating to the transmission of the position 
data of said terminal to a requester requesting said position data. 
In the event of an arrival of one such request in a switching center 
of the mobile radio network, said switching center prompts a 
database server to check, by means of consultation information 
stored in the server and relating to the mobile radio terminal, 
whether an agreement must be obtained from the mobile radio terminal 
in order to transmit the position of said terminal to the requester, 
the result of the check then being sent to the switching center. At 
least when the result indicates that an agreement must be obtained, 
a request for the agreement is sent from the switching center to the 
mobile radio terminal, and, if an agreement is obtained, the 
position of the terminal is transmitted to the requester. 
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